If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

EMail Harvesting

a client of mine told me that he uses a website that manages mailing lists to keep track of clients All subscribed in his case, But the possibility for this website to promote spam borthered me.

I went to the website looked at the start page and then left. End of story.

To my utter discomfort I received a message from the website in my mailbox addressed to me without me confirming clicking or anythinging on the site.

I have done some reading about this and have realised that a website can do a couple of things to get your browser to divulge a email address.

I use Firefox and IE and for interest sake I visisted the page in firefox to see if I get another mail from them.

All of this is only relevant to me as I would love to know how to prevent this from happening?

Some background:
My local mail server uses 3 blacklists and I have just added spamcop as a 4th.
I use spailator to filter rubbish - but I feel outlook 2003's junk filter is better as it.
I have a IPcop firewall and url filter to try and block ickky pages and adds.

All subscribed in his case, But the possibility for this website to promote spam borthered me.

Then you don't have a trustable friend - he just lied to you...... Kick his azz when you see him next.

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

from what I read a website can either reques a login to a annonymous ftp and that will cause some browsers to provide it with your address and the other way is possibly some javascript that collects it somehow.

I'd guess at a script or ActiveX that crosses the boundary between the internet zone and the local/trusted zone that reads the, predictable, location of the outlook express configuration.... But thats a WAG, (Wild Assed Guess)....

Don\'t SYN us.... We\'ll SYN you..... \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Originally posted here by Tiger Shark I'd guess at a script or ActiveX that crosses the boundary between the internet zone and the local/trusted zone that reads the, predictable, location of the outlook express configuration.... But thats a WAG, (Wild Assed Guess)....

Yes it is a WAG, not impossible but improbable. Would the ActiveX not be prompted? Unless the browser is not set up to prompt, which I would assume anyone worth their salt would have in effect. As far as the script, it would more than likely require a little more interaction within the site. More than just a cursory glance.

I played with some Javascript about four years ago trying to do something similar. As I remember it always asked to confirm sending the e-mail. At the time I did not have control over the server, which, as I recall, was the main stumbling block.

Just curious: was there anything left in your sent folder?

" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

as you said, he uses that site to keep track of his mailing lists. he probably has a mailing list of suppliers that he put you on. he doesn't care that they use the stored addys to spam with...as long as it makes HIS life easier in some way.

Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”